Question 1

Application errors expose a lot of information about the code and its environment.

Accepted Answer

This is true because error messages often include the specific details of what went wrong in the code, and can also reveal system configuration and other sensitive information. It is important to handle errors carefully and avoid exposing any unnecessary or sensitive information in error messages.

Question 2

There is only one type of error in application development: compile-time errors.

Accepted Answer

There are two types of errors in application development: compile-time errors and runtime errors.

Question 3

An exception handler can only be created to log error messages for developers.

Accepted Answer

An exception handler can be created to handle and manage errors, including logging error messages for both developers and users.

Question 4

PHP is the most popular server-side language in Web development and continues to evolve as the market leader in application security.

Accepted Answer

While PHP is a widely used server-side language, it is not specifically recognized as the market leader in application security. Other languages and frameworks also have strong security features and the popularity of server-side languages can vary based on different metrics.

Question 5

What you choose to tell the user in error messages is up to you, but it should specifically benefit them.

Accepted Answer

Error messages should be clear, concise, and provide helpful information that can assist the user in resolving the issue. Therefore, the message should benefit them by providing useful guidance for a solution.

Question 6

You do not have to cancel a user's ID or password if they exceed a specified threshold of login times.

Accepted Answer

It is recommended to cancel a user's ID or password if they exceed a specified threshold of login times to ensure the security of the account and data.

Question 7

Logging user traffic, events and data flow is one of the best analysis techniques you can do for an application.

Accepted Answer

Logging user traffic, events and data flow can provide valuable insights into how an application is being used, which features are popular and where there may be issues or errors occurring. This information can then be used to improve the application's performance, user experience and overall success.

Question 8

When logging tailored messages for an application, use a file separate from the server logs and secure the priveleges on that file.

Accepted Answer

It is a good practice to log tailored messages in a separate file to avoid cluttering the server logs and to make it easier to access and analyze the relevant information. Securing the privileges on that file can also prevent unauthorized access and tampering of sensitive information.

Question 9

Input cleansing is an optional task for securing the application.

Accepted Answer

Input cleansing is a critical security task that involves validating and sanitizing user input to prevent attacks such as SQL injection, cross-site scripting (XSS), and other malicious activities that can exploit vulnerabilities in an application.

Question 10

Code refactoring occurs when existing bodies of logic are broken up and moved into many smaller bodies of code.

Accepted Answer

Code refactoring involves restructuring code into smaller, more manageable chunks.

Question 11

Data authorization is a two-way street: first, the user's ID must be validated and second the user's request needs to be authorized.

Accepted Answer

The answer of Data authorization is a two-way street: first,...

Question 12

PHP is a server-side language that runs on application servers.

Accepted Answer

The answer of PHP is a server-side language that runs...

Question 13

Spaghetti code is rather inexpensive to maintain.

Accepted Answer

The answer of Spaghetti code is rather inexpensive to maintain....

Question 14

Not every request that comes into the application should be treated as a potential attack.

Accepted Answer

The answer of Not every request that comes into the...

Question 15

Some popular programming languages that deal wth security include the following: -Java -PHP -C/C++

Accepted Answer

The answer of Some popular programming languages that deal wth...

Question 16

Open source code is greatly discouraged within the software community.

Accepted Answer

The answer of Open source code is greatly discouraged within...

Question 17

Data encapsulation hides all internal code, variables, and logic from the outside world, therefore restricting acces to any outside callers.

Accepted Answer

The answer of Data encapsulation hides all internal code, variables,...

Question 18

Exception handling is the cornerstone for all secure code.

Accepted Answer

The answer of Exception handling is the cornerstone for all...

Question 19

The most notable security flaw with the C/C++ language is the buffer overflow attack.

Accepted Answer

The answer of The most notable security flaw with the...

Question 20

Use singleton objects when a common object or task will be used across multiple use cases for the same reason.

Accepted Answer

The answer of Use singleton objects when a common object...

Question 21

Where should the variables that a program uses be defined?&#10;A) At the end of a program&#10;B) In the middle of a program&#10;C) At the top of the program&#10;D) When the code needs it

Accepted Answer

The answer of Where should the variables that a program...

Question 22

A method's signature is an example of limited code.

Accepted Answer

The answer of A method's signature is an example of...

Question 23

Parameter-driven software is software that looks up values stored in a database and determines what to display, allow, or execute based on those values.

Accepted Answer

The answer of Parameter-driven software is software that looks up...

Question 24

After the debug methods are built into the program, they can be called anywhere at anytime within the program you need to test.

Accepted Answer

The answer of After the debug methods are built into...

Question 25

How can an application alert stakeholders of invasion?&#10;A) cancel the user's password&#10;B) send out SMS messages&#10;C) log the activity in a log file&#10;D) catch all errors

Accepted Answer

The answer of How can an application alert stakeholders of...

Question 26

Which program language is vulnerable to a buffer overflow attack?&#10;A) JAVA&#10;B) C++&#10;C) PHP&#10;D) Perl

Accepted Answer

The answer of Which program language is vulnerable to a...

Question 27

What is it called when developers write a piece of software for a specific purpose&#10;A) software diversity&#10;B) code unit&#10;C) parameter-driven code&#10;D) limited code

Accepted Answer

The answer of What is it called when developers write...

Question 28

What is it called when existing bodies of logic are broken up and moved into many smaller bodies of code?&#10;A) reusable code&#10;B) refactor code&#10;C) code review&#10;D) code debugging

Accepted Answer

The answer of What is it called when existing bodies...

Question 29

It is best to wait to add debugging techniques to the code when the code is broken.

Accepted Answer

The answer of It is best to wait to add...

Question 30

Which item is NOT a characteristic of self-monitoring code?&#10;A) Canceling user passwords&#10;B) Requiring physical requests for data&#10;C) Code refactoring&#10;D) Alerting stakeholders of invasion

Accepted Answer

The answer of Which item is NOT a characteristic of...

Question 31

When reusable code gets buried into other code, the logic can and should be reused by other use cases.

Accepted Answer

The answer of When reusable code gets buried into other...

Question 32

How should a developer code for DEBUGS?&#10;A) Add the DEBUG statements in when needed&#10;B) Build the debug logic into the code while developing&#10;C) Use a debug editor&#10;D) Use a peer review process

Accepted Answer

The answer of How should a developer code for DEBUGS?&#10;A)...

Question 33

What type of software looks up values stored in a database and determines what to display, allow, or execute based on those values&#10;A) limited code&#10;B) software diversity&#10;C) parameter-driven&#10;D) debugging

Accepted Answer

The answer of What type of software looks up values...

Question 34

If logic bombs or Trojan horses were to be snuck in, what type of file would the easiest target?&#10;A) JAR files&#10;B) Java files&#10;C) SQL scripts&#10;D) ANT scripts

Accepted Answer

The answer of If logic bombs or Trojan horses were...

Question 35

What design pattern forces the server to create only one object in its heap, thus making the server run very efficiently while using minimum RAM?&#10;A) MVC&#10;B) Template&#10;C) Singleton&#10;D) Abstract

Accepted Answer

The answer of What design pattern forces the server to...

Question 36

What is the best way to turn off DEBUG statements in the code?&#10;A) automate a script&#10;B) look at the code and manually turn them off&#10;C) leave them on since the information only goes to a log file&#10;D) Use the IDE to turn them off

Accepted Answer

The answer of What is the best way to turn...

Question 37

What is it called when software is developed on the premise that specifications, data, and environments will change?&#10;A) software diversity&#10;B) limited code&#10;C) parameter-driven code&#10;D) debugging code

Accepted Answer

The answer of What is it called when software is...

Question 38

If requesting the application to provide sensitive information over the public network can sometimes be too risky, what should be done?&#10;A) Take the chance and send the data&#10;B) Log all activity&#10;C) Send it but encrypt the data&#10;D) Requiring Physical Requests for Data

Accepted Answer

The answer of If requesting the application to provide sensitive...

Question 39

Which option is NOT a characteristics of Organized code?&#10;A) Import only the classes that are needed to run the program&#10;B) Avoid spaghetti code&#10;C) Declare variables he program uses at the top&#10;D) Use an IDE

Accepted Answer

The answer of Which option is NOT a characteristics of...

Question 40

What should the application do if the user has failed to log in after 5 attempts?&#10;A) allow the user to keep trying&#10;B) cancel the user and force them to request a new id&#10;C) cancel the user for 24 hours&#10;D) cancel the user's password

Accepted Answer

The answer of What should the application do if the...

Question 41

What type of errors are found in syntax?&#10;A) Run time errors&#10;B) Compile time errors&#10;C) SQL errors&#10;D) User errors

Accepted Answer

The answer of What type of errors are found in...

Question 42

What type of list defines only accepted input values?&#10;A) Good list&#10;B) Black list&#10;C) White list&#10;D) Validation list

Accepted Answer

The answer of What type of list defines only accepted...

Question 43

Which is NOT a characteristic of validation the input request?&#10;A) Cleansing the request&#10;B) Authorizing the sender&#10;C) Code for software diversity&#10;D) Encapsulating the data

Accepted Answer

The answer of Which is NOT a characteristic of validation...

Question 44

Which statement best suits the generalization of error messages?&#10;A) More is best&#10;B) error messages the users see, however, should not be the error messages the developers see&#10;C) Everyone needs to see the Error messages&#10;D) Error messages help to the developers fix problems.

Accepted Answer

The answer of Which statement best suits the generalization of...

Question 45

What is the grouping and storing of data inside a single object?&#10;A) Encapsulation&#10;B) Encryption&#10;C) Code hiding&#10;D) Code diversity

Accepted Answer

The answer of What is the grouping and storing of...

Question 46

What is the best way to handle program errors?&#10;A) Place the code between try{} catch {} blocks and handle each error as they occur.&#10;B) Handle each error by adding DEBUG statements&#10;C) Log all Errors in the log file&#10;D) The program should shut down securely of each error

Accepted Answer

The answer of What is the best way to handle...

Question 47

Which of the following steps are NOT needed to for exception handling?&#10;A) Code your own routine&#10;B) Create application-specific exceptions&#10;C) Add debug statements&#10;D) Manage the views

Accepted Answer

The answer of Which of the following steps are NOT...

Question 48

Where do most attacks to software come from?&#10;A) Back door&#10;B) Input fields&#10;C) Servers&#10;D) Database

Accepted Answer

The answer of Where do most attacks to software come...

Question 49

What type of list defines bad input values?&#10;A) Bad list&#10;B) Black list&#10;C) White list&#10;D) No Valid list

Accepted Answer

The answer of What type of list defines bad input...

Question 50

What type of errors when a data flow does not flow as expected?&#10;A) Compile time&#10;B) User errors&#10;C) Run time&#10;D) SQL errors

Accepted Answer

The answer of What type of errors when a data...

Deck 9: Coding in the Cube: Developing Good Habit